General

  • Target

    fed9f208903856f0f2c00df67307c3de15eb263034de69cbc0426bc4120e7b9e.bin

  • Size

    785KB

  • Sample

    240809-1418zawbmd

  • MD5

    4255c541335d7618cb3774b976f19453

  • SHA1

    5c35fefedbd1b0ee221066ff30c0698db6559d8f

  • SHA256

    fed9f208903856f0f2c00df67307c3de15eb263034de69cbc0426bc4120e7b9e

  • SHA512

    c62fe5ef7ac138169ce80a4d89ee3e24355e5d3bf091739e3a7415c313a8c2cce1eff0e94c66cbb2b45ad66be106b99728eb9610f89d072e9e23f657a36142eb

  • SSDEEP

    12288:ZoFmBZRvSMqBHOXiXIiIE5WmpYshXZPbGwidNpgw:ZogBZRrqBuXiIiIE5WmD9idNp3

Malware Config

Extracted

Family

spynote

C2

mhn.myftp.biz:5214

Targets

    • Target

      fed9f208903856f0f2c00df67307c3de15eb263034de69cbc0426bc4120e7b9e.bin

    • Size

      785KB

    • MD5

      4255c541335d7618cb3774b976f19453

    • SHA1

      5c35fefedbd1b0ee221066ff30c0698db6559d8f

    • SHA256

      fed9f208903856f0f2c00df67307c3de15eb263034de69cbc0426bc4120e7b9e

    • SHA512

      c62fe5ef7ac138169ce80a4d89ee3e24355e5d3bf091739e3a7415c313a8c2cce1eff0e94c66cbb2b45ad66be106b99728eb9610f89d072e9e23f657a36142eb

    • SSDEEP

      12288:ZoFmBZRvSMqBHOXiXIiIE5WmpYshXZPbGwidNpgw:ZogBZRrqBuXiIiIE5WmD9idNp3

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks